Spideroak's launch of Crypton prompted an interesting discussion on Twitter between myself and a few others. This mostly involved some fairly common "open source" versus "free software" objections to the use of the AGPL for the open source project as a marketing tactic to drive sales of commercial licenses for Spideroak. That conversation prompted me to post the following:

Myself, I'm lazy, so I'm a fan of permissive licensing - this blog is CC0, and the open source stuff I write and license entirely myself uses the Simplified BSD License (which only has 2 clauses in it, and is pretty much limited to disclaiming warranties and saying "Hey, I wrote this"). Those license choices accurately reflect the effort I'm prepared to put into enforcing the legal rights I receive by default under current copyright regimes: absolutely none.

However, I'm not dependent on that software or this blog for my livelihood - they're a hobby, something I do because I want to, not because I need to. My lack of concern about these matters is a luxury and a privilege, because I don't need to worry about where my next meal is coming from - I have a stable job for that, with an employer I thoroughly respect and greatly enjoy working for.

Plenty of people and organizations around the world have gained value from my hobby (and will likely gain more in the future), and the pay-off I see personally is purely in terms of immediate enjoyment, long term reputation gain, and the opportunity to meet and become friends with interesting people I would never have encountered otherwise.

That means it saddens me when companies that are making their software freely available to the world are derided for not being open enough when they make the strategic decision to employ a dual licensing model, and also choose to use the GPL or AGPL to create an enforced commons on the open source side, thus making the commercial offering more attractive. They get accused of wanting to "exploit" the developers that might choose to participate in their project, because the sponsoring company controls the copyrights and can issue commercial licenses, while the third party developers "only" get to use (and customise, and redistribute) the software for free.

Being able to categorically deny such accusations is definitely one of the advantages of a "license in = license out" model for a sponsored project, where the original sponsor quickly becomes bound by the same license obligations as everyone else, but dual licensing is still several orders of magnitude better than keeping a solution proprietary.

There are many potential consumers who will consider being able to use software as more important than being able to redistribute it under a more permissive or closed license, and even for those that eventually decide they want a commercial license, dual licensing allows true "try before you buy" evaluation (since even the AGPL doesn't really kick in if you're not making your service available to the general public over the internet). Even the most ardent GPL detractors are also likely happy to use GPL software when it meets their needs, whether that's in the form of an OS (Linux), or cryptographic software (GPG), etc.

The strategic fears that lead many companies taking their hesitant first steps into the open source arena to favour copyleft licenses over permissive ones shouldn't be dismissed lightly. I'm young enough that I only caught the tail end of the proprietary Unix wars (mostly through antiquated platform specific cruft in the CPython code base), but I personally lay a lot of the credit for Linux avoiding the fragmented state of AIX/IRIX/Tru64/HP-UX/Solaris at the feet of the GPL. The legal strength of the GPL means that competitors with no reason to trust each other at the strategic level can still collaborate effectively at a technical level (up to a point, anyway).

The free software world is still a minnow in the overall software development picture, the vast majority of which is still bespoke intranet deployments. Even when those deployments are based on free or open source software, it's hardly likely to be used as a selling point to those customers. Regardless of high profile tech companies like Google and Amazon, the "cloud" is still in its infancy, and it is going to be a long time before many organisations are willing to trust cloud providers with their data. In the meantime, the likes of Microsoft, Oracle and IBM continue to make money hand over fist. Red Hat may be huge by open source company standards, and have some high profile customers, but we still have a long way to go before we're even close to matching the proprietary giants in scale and ubiquity.

The battle to convince people that sharing leads to better software is not over by any means. It still needs to be fought, and fought hard, until paying for proprietary software rather than certified open source software is an unusual aberration rather than the norm that it still is today.

The friendly fire often directed by advocates of permissive licensing against those that choose to enforce an open commons to assuage understandable fears is not helpful in that broader fight. We should be celebrating the fact that another company has taken a step towards open development, rather than lamenting the fact they didn't travel all the way from proprietary to permissive licensing in one flying leap.